Winkodocs
Open the app

Security and sync

Winko is non-custodial. Your keys are encrypted in your browser and your transactions are signed locally. The server only provides RPC, transaction routing and the live data feed.

How your keys are handled

  • Local signing. Every transaction is signed in your browser. Private keys never leave your machine in plaintext.
  • Encryption at rest. Wallets and settings are encrypted under a key derived from your license. The server only ever stores ciphertext, so it cannot read your keys.
  • Validation on import. Every imported private key is checked against its public key before it joins the fleet, so a corrupt or mismatched paste is rejected.

What runs on the server

  • RPC access to Solana.
  • The multi-relay transaction routing, see Transaction landing. Relay keys (BlockRazor, Stellium, Flashblock) stay server-side and never reach the browser.
  • The live data feed, see Live data feed. The gRPC token stays server-side too.

Cross-device sync

Your wallet groups and settings are encrypted and synced to your license. Sign in with the same key on another machine and your full setup appears there. Local storage is kept as a fast cache so the app loads instantly, and changes are pushed to the server in the background.

Winko docs